benb's Journal: SSL Extended Validation (EV) guidelines draft published

The CA/Browser-forum finally published the guidelines using which the new "Extended Validation" SSL certificate owners will be checked. It defines this new sort of certificate technically and mandates how to verify the information included, which allows to have a little more trust in that the server is really operated by the company that the certificate claims it is. This is in contrast to the recently popular cheap Domain Validation certificates which only check that the cert owner has control over the domain, via weak mechanims, and not his identity. Browsers are supposed use the EV in the UI: MSIE7 will show a green URLbar and the cert holder, Opera has similar plans, mozilla.org is still discussing how to use it. Konqueror is also on board.

The guidelines (link to PDF at the top of their webpage page) were first supposed to be secret, but have now been published for public review. Useful and constructive comments can be left at their email address or at newsgroup mozilla.dev.security. Comments should be made soon (despite the size of the document), because the standard is supposed to be finalized this month.

P.S. Sorry for putting SSL under "security", but there was no better category ;-).